From c526d8ae0dca368c3a6bd85fcc873339994dfefa Mon Sep 17 00:00:00 2001
From: dallaslu
Date: Fri, 5 Jun 2026 04:27:57 +0000
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20security.conf?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
security.conf | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 security.conf
diff --git a/security.conf b/security.conf
new file mode 100644
index 0000000..9a3be44
--- /dev/null
+++ b/security.conf
@@ -0,0 +1,15 @@
+server_tokens off;
+## Don't show the nginx version number, a security best practice
+
+add_header Referrer-Policy origin-when-cross-origin always;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+#add_header X-XSS-Protection "1; mode=block" always;
+add_header X-XSS-Protection "0";
+
+#more_clear_headers 'X-Powered-By';
+
+# Redirect `example.com.` to `example.com`
+if ($http_host ~ "\.$" ){
+ rewrite ^(.*) $scheme://$host$1 permanent;
+}
\ No newline at end of file
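Review bot: Three of the four active `add_header` lines omit `always`, so nginx sends X-Frame-Options, X-Content-Type-Options and X-XSS-Protection only on its default set of success and redirect status codes and leaves them off error responses such as 404 or 500, while Referrer-Policy is sent on every response. Making them consistent would read `add_header X-Frame-Options SAMEORIGIN always;`, `add_header X-Content-Type-Options nosniff always;` and `add_header X-XSS-Protection "0" always;`. The file also gives no hint of where it should be included: the `if` block is only valid in server or location context, and nginx drops inherited `add_header` directives in any block that declares its own. A header comment such as `# Include inside each server {}; a location that sets its own add_header must include this file again.` would spare the next maintainer a silent loss of these headers. For the trailing-dot redirect, `return 301 $scheme://$host$request_uri;` is the more conventional form and avoids the regex capture.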